Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(731)

Issue 2542593002: Fix XSS in app launcher and remove use of unvalidated URL (Closed)

Created:
4 years ago by robwu
Modified:
4 years ago
Reviewers:
CC:
chromium-reviews
Target Ref:
refs/pending/branch-heads/2924
Project:
chromium
Visibility:
Public.

Description

Fix XSS in app launcher and remove use of unvalidated URL The third parameter of "launchApp" is only used for the webstore app, and used to append utm_source=chrome-ntp-icon to the app URL. But the launchApp handler did not validate that the URL is safe. To fix that issue, I specialize the parameter for launchApp: It now takes the source string ("chrome-ntp-icon") instead of a URL without validation. BUG=668665 TEST=Manually using test case from bug report. Also opened the app launcher and verified that clicking on the Webstore icon still leads to the same place. CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:closure_compilation Review-Url: https://codereview.chromium.org/2527413002 Cr-Commit-Position: refs/heads/master@{#434939} (cherry picked from commit 15120efa4b9394086d687086e443f47290b5170a) Committed: https://chromium.googlesource.com/chromium/src/+/40a0d587a65320cba1eab074774740c2f7a8a67b

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+18 lines, -14 lines) Patch
M chrome/browser/resources/ntp4/apps_page.js View 2 chunks +4 lines, -9 lines 0 comments Download
M chrome/browser/ui/webui/ntp/app_launcher_handler.cc View 5 chunks +14 lines, -5 lines 0 comments Download

Messages

Total messages: 2 (1 generated)
robwu
4 years ago (2016-11-30 11:46:25 UTC) #2
Message was sent while issue was closed.
Committed patchset #1 (id:1) manually as
40a0d587a65320cba1eab074774740c2f7a8a67b.

Powered by Google App Engine
This is Rietveld 408576698